2019-02-13
ALT-BU-2019-3486-1
Branch c7.1 update bulletin.
Closed vulnerabilities
Published: 2018-11-08
BDU:2020-00704
Уязвимость функции pnv_lpc_do_eccb (hw/ppc/pnv_lpc.c) эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании и получить несанкционированный доступ к памяти PowerNV
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-11-15
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-18954
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:1074
- openSUSE-SU-2019:1074
- [oss-security] 20181107 CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb
- [oss-security] 20181107 CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb
- 105920
- 105920
- [Qemu-devel] 20181103 [PATCH v2] ppc/pnv: check size before data buffer access
- [Qemu-devel] 20181103 [PATCH v2] ppc/pnv: check size before data buffer access
- 20190531 [SECURITY] [DSA 4454-1] qemu security update
- 20190531 [SECURITY] [DSA 4454-1] qemu security update
- USN-3826-1
- USN-3826-1
- DSA-4454
- DSA-4454